Another security problem..

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Everyone,

On 19-Oct-05 at about 1:00pm my time, someone from IP 194.150.85.114
accessed my web-server trying to access a file called
main.php in the following places:
194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET
/phpmyadmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:53 -0400] "GET /PMA/main.php
HTTP/1.0" 404 297 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /mysql/main.php
HTTP/1.0" 404 299 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /admin/main.php
HTTP/1.0" 404 299 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /db/main.php
HTTP/1.0" 404 296 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET /dbadmin/main.php
HTTP/1.0" 404 301 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET
/web/phpMyAdmin/main.php HTTP/1.0" 404 308 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:54 -0400] "GET
/admin/pma/main.php HTTP/1.0" 404 303 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
/admin/phpmyadmin/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
/admin/mysql/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
/mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:55 -0400] "GET
/phpmyadmin2/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
/mysqladmin/main.php HTTP/1.0" 404 304 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
/mysql-admin/main.php HTTP/1.0" 404 305 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET /main.php
HTTP/1.0" 404 293 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
/phpMyAdmin-2.5.6/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
/phpMyAdmin-2.5.4/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:56 -0400] "GET
/phpMyAdmin-2.5.1/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET
/phpMyAdmin-2.2.3/main.php HTTP/1.0" 404 310 "-" "pmafind"
194.150.85.114 - - [19/Oct/2005:13:01:57 -0400] "GET
/phpMyAdmin-2.2.6/main.php HTTP/1.0" 404 310 "-" "pmafind"

Of course, this attack fell on deaf ears on my server....  but, I'd
like everyone to know since this is a security risk if they do have a
PHP document configuring some of these administrative tasks open on
the internet.

Thanks,
James Kosin

- - --
- - --
James Kosin

International Communications Group, Inc.
230 Pickett's Line
Newport News, VA  23603-1366
- - - United States of America -

Phone: 1(757)947-1030 ext. 122
Fax  : 1(757)947-1035

- - --
GPG Fingerprint: 28E9 6487 34B2 18DD 6468 F091 8CD9 2038 DEB0 0590
GPG Key ID:     0xDEB00590

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDV75UjNkgON6wBZARA6DmAJ9NMxZNiNCvKxy8eBZZQ0D7luLnegCfXDb8
SYP3+FueDyDnOzdwLLDA2PI=
=D30R
- -----END PGP SIGNATURE-----


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDV757kNLDmnu1kSkRA8uzAJ43tmMFXtvaGW4SC8IOjVbvYFVbzACfbWO/
5C3JQsLUIER/lsmoAQbRD8k=
=Ij0X
-----END PGP SIGNATURE-----
-- 
Scanned by ClamAV - http://www.clamav.net


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux